The Overlap of AML Compliance with Tax Compliance: FinCEN finalizes its Customer Due Diligence Rules

Anti-money laundering officers face greater burdens and risks because of the 2010 U.S. imposition of the cross-border, automatic sharing of financial information (FATCA) which in turn led to the global agreement among over 100 countries to adopt more expansive information sharing through an OECD Common Reporting Standard (CRS). FATCA and CRS require an enhanced customer identification program (CIP) and know your customer program (KYC), leveraging the AML customer due diligence (CDD) system, to take into a customer’s compliance with national and foreign tax reporting obligations. The lack of previous relationship of AML compliance and tax compliance led to nearly 100 non-prosecution agreements (NPA) against Swiss financial institutions since the initial 2009 UBS NPA along side scores of successful criminal prosecutions of bank officers and their clients.

As a result of the geo-political fallout of the Panama Papers, FinCEN published on May 11, 2016 its finalized long awaited 2014 proposed Customer Due Diligence Requirements for Financial Institutions rule that U.S. financial institutions begin to collect information on the ultimate beneficial owners of accounts, irrespective of the layers of entities (the “CDD rules”). The CDD rules require that U.S. financial institutions, by May 11, 2018, look through any legal persons or relationships such as corporate entities and trusts, until the final individual owner or owners are identified and their information collected to share with the U.S. treasury. U.S. Treasury in turn will share these beneficial owners and their information with foreign governments - automatically.

The CDD rules amend the existing Bank Secrecy Act (BSA) regulations to help prevent the use of anonymous companies to launder the proceeds of illegal activity in the U.S. financial sector. The Panama Papers points to the widespread use of Delaware and Nevada companies in this regard, and many news organizations have reported that the U.S. is the last bastion of secrecy because it does not necessarily require banks or company service providers in the U.S.A. to know the ultimate beneficial owner of state incorporated business associations.

The CDD rules strengthen the customer due diligence obligations of banks and other financial institutions such as including brokers or dealers in securities, mutual funds, futures merchants, and commodities brokers. The CDD rules add a new requirement that these entities know and verify the identities of the real people, that is the ultimate beneficial owners who own, control, and profit from the companies they service.FinCEN has stated that this information will be used to provide reciprocity under the FATCA IGA agreements to foreign governments.

The CDD rules include a new emphasis of the original four BSA core customer due diligence elements:

identifying and verifying the identity of customers;

identifying and verifying the beneficial owners of legal entity customers;

understanding the nature and purpose of customer relationships; and

conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.

The CDD rules requirement to identify and verify the identity of beneficial owners is addressed through a new requirement for covered financial institutions to collect beneficial ownership in a standardized format (contained in the final FinCEN notice). Pursuant to FATF standards and the CRS requirement, U.S. financial institutions will have to identify and verify any individual who owns 25 percent to more of a legal entity, and an individual who controls the legal entity.

The primary impact here regards the second element that requires financial institutions to identify and verify the beneficial owners of legal entity customers. The CDD rules establish the requirement that financial institutions identify the natural persons who are beneficial owners of legal entity customers, subject to limited exemptions. The definition of “beneficial owner” requires that the person identified as a beneficial owner be a natural person (as opposed to another legal entity). A financial institution must satisfy this requirement by obtaining at the time a new account is opened a standard certification form directly from the individual opening the new account on behalf of the legal entity customer.

Financial institutions will be required to verify the identity of beneficial owners consistent with their existing CIP practices. However, FinCEN provided a loophole under the CDD rules in that it does not require that financial institutions verify that the natural persons identified on the form are in fact the actual ultimate beneficial owners. Thus by example, as exposed in the Panama Papers, Panamanian corporate service providers’ potential use of a power of attorney to disguise a client may still be leveraged for nefarious means. In other words, the requirement focuses on verifying the identity of the beneficial owners, but does not require the verification of their status as beneficial owners.

In order to identify the beneficial owner, a covered financial institution must obtain a certification from the individual opening the account on behalf of the legal entity customer (at the time of account opening). The form requires the individual opening the account on behalf of the legal entity customer to identify the beneficial owner(s) of the legal entity customer by providing the beneficial owner’s:

name,

date of birth,

address and

social security number (for U.S. persons).

For foreign persons, financial institutions must verify the authenticity of the certification with a -

a passport number and country of issuance, or

other similar identification number (name, date of birth, address, and social security number (for U.S. persons), etc.), according to the same documentary and non-documentary methods the financial institution may use in connection with its customer identification program (to the extent applicable to customers that are individuals), within a reasonable time after the account is opened.

A financial institution must also include procedures for responding to circumstances in which it cannot form a reasonable belief that it knows the true identity of the beneficial owner, as described under the CIP rules.

The proposed definition of “beneficial owner” includes two independent prongs:

(a) an ownership prong and

(b) a control prong.

A covered financial institution must identify each individual under the ownership prong (i.e., each individual who owns 25 percent or more of the equity interests), in addition to one individual for the control prong (i.e., any individual with significant managerial control).

If no individual owns 25 percent or more of the equity interests, then the financial institution may identify a beneficial owner under the control prong only. If appropriate, the same individual(s) may be identified under both criteria.

It bears mentioning in conclusion that the European Union is working to establish an international protocol that will allow foreign government and even public access to such beneficial ownership information of all entities, probably starting in 2017. Some EU countries like the UK and France have already published beneficial ownership lists for public access.